Date: Mon, 25 Jun 2001 20:59:11 -0700 (PDT) From: Ivar Hosteng <ivar@ih36.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/28418: XFree86 4.X panics FreeBSD 4.3-STABLE on Asus A7A266 motherboard Message-ID: <200106260359.f5Q3xBw03417@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 28418
>Category: kern
>Synopsis: XFree86 4.X panics FreeBSD 4.3-STABLE on Asus A7A266 motherboard
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jun 25 21:00:07 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Ivar Hosteng
>Release: 4.3-STABLE
>Organization:
none
>Environment:
FreeBSD soundserver.sydney.hosteng.net 4.3-STABLE FreeBSD 4.3-STABLE #1: Tue Jun 26 09:55:15 EST 2001 root@soundserver.sydney.hosteng.net:/usr/src/sys/compile/erik i386
>Description:
When starting the X server on my Asus A7A266 motherboard the kernel panics. The Graphics cards used are Nvidia Geoforce 2/GTS and Ati Rage128.
I have run the crashdump through gbd -k and here is the output:
bash-2.05# gdb -k /usr/src/sys/compile/erik/kernel.debug vmcore.2
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD 3895296
initial pcb at 315a20
panicstr: general protection fault
panic messages:
---
Fatal trap 9: general protection fault while in kernel mode
instruction pointer = 0x8:0xc0279963
stack pointer = 0x10:0xd1531cf0
frame pointer = 0x10:0xd1531d10
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 3
current process = 460 (XFree86)
interrupt mask = none
trap number = 9
panic: general protection fault
syncing disks...
done
Uptime: 13m25s
dumping to dev #ad/0x20004, offset 262304
dump ata0: resetting devices .. done
383 382 381 380 379 378 377 376 375 374 373 372 371 370 369 368 367 366 365 364 363 362 361 360 359 358 357 356 355 354 353 352 351 350 349 348 347 346 345 344 343 342 341 340 339 338 337 336 335 334 333 332 331 330 329 328 327 326 325 324 323 322 321 320 319 318 317 316 315 314 313 312 311 310 309 308 307 306 305 304 303 302 301 300 299 298 297 296 295 294 293 292 291 290 289 288 287 286 285 284 283 282 281 280 279 278 277 276 275 274 273 272 271 270 269 268 267 266 265 264 263 262 261 260 259 258 257 256 255 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238 237 236 235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220 219 218 217 216 215 214 213 212 211 210 209 208 207 206 205 204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 188 187 186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171 170 169 168 167 166 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137 136 135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
---
#0 dumpsys () at ../../kern/kern_shutdown.c:472
472 if (dumping++) {
(kgdb) bt
#0 dumpsys () at ../../kern/kern_shutdown.c:472
#1 0xc01422d3 in boot (howto=256) at ../../kern/kern_shutdown.c:312
#2 0xc0142650 in poweroff_wait (junk=0xc02c3bc5, howto=-783189792) at ../../kern/kern_shutdown.c:559
#3 0xc02862f9 in trap_fatal (frame=0xd1531cb0, eva=0) at ../../i386/i386/trap.c:951
#4 0xc0285cdb in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, tf_edi = -1, tf_esi = -1, tf_ebp = -783082224, tf_isp = -783082276, tf_ebx = -1,
tf_edx = -1, tf_ecx = 592, tf_eax = -1, tf_trapno = 9, tf_err = 0, tf_eip = -1071146653, tf_cs = 8, tf_eflags = 77974, tf_esp = 65535, tf_ss = 0})
at ../../i386/i386/trap.c:613
#5 0xc0279963 in i686_mrstoreone (arg=0xc0335374) at ../../i386/i386/i686_mem.c:290
#6 0xc02798a9 in i686_mrstore (sc=0xc0335374) at ../../i386/i386/i686_mem.c:253
#7 0xc0279ee5 in i686_mrset (sc=0xc0335374, mrd=0xc125b200, arg=0xd1531eb0) at ../../i386/i386/i686_mem.c:489
#8 0xc0281365 in mem_range_attr_set (mrd=0xc125b200, arg=0xd1531eb0) at ../../i386/i386/mem.c:442
#9 0xc02812e1 in mem_ioctl (dev=0xc03143b0, cmd=2148298035, data=0xd1531eac "<ú¿¿", flags=3, p=0xd15178e0) at ../../i386/i386/mem.c:405
#10 0xc0281198 in mmioctl (dev=0xc03143b0, cmd=2148298035, data=0xd1531eac "<ú¿¿", flags=3, p=0xd15178e0) at ../../i386/i386/mem.c:341
#11 0xc0179ea2 in spec_ioctl (ap=0xd1531de8) at ../../miscfs/specfs/spec_vnops.c:306
#12 0xc0179bcd in spec_vnoperate (ap=0xd1531de8) at ../../miscfs/specfs/spec_vnops.c:119
#13 0xc021122d in ufs_vnoperatespec (ap=0xd1531de8) at ../../ufs/ufs/ufs_vnops.c:2391
#14 0xc017644f in vn_ioctl (fp=0xc133ce00, com=2148298035, data=0xd1531eac "<ú¿¿", p=0xd15178e0) at vnode_if.h:429
#15 0xc0150afe in ioctl (p=0xd15178e0, uap=0xd1531f80) at ../../sys/file.h:177
#16 0xc02865a5 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 983040, tf_esi = 65536, tf_ebp = -1077937576, tf_isp = -783081516,
tf_ebx = -1077937604, tf_edx = 673613360, tf_ecx = 0, tf_eax = 54, tf_trapno = 0, tf_err = 2, tf_eip = 673249384, tf_cs = 31, tf_eflags = 12935,
tf_esp = -1077937668, tf_ss = 47}) at ../../i386/i386/trap.c:1150
#17 0xc0278055 in Xint0x80_syscall ()
#18 0x80910fd in ?? ()
#19 0x8095663 in ?? ()
#20 0x82f10dc in ?? ()
#21 0x82d79be in ?? ()
#22 0x806b7c4 in ?? ()
#23 0x80baade in ?? ()
#24 0x806b045 in ?? ()
(kgdb) disassemble ../../i386/i386/i686_mem.c:290
A syntax error in expression, near `./../i386/i386/i686_mem.c:290'.
(kgdb) disassemble 0xc0279963
Dump of assembler code for function i686_mrstoreone:
0xc02798ac <i686_mrstoreone>: push %ebp
0xc02798ad <i686_mrstoreone+1>: mov %esp,%ebp
0xc02798af <i686_mrstoreone+3>: sub $0x14,%esp
0xc02798b2 <i686_mrstoreone+6>: push %edi
0xc02798b3 <i686_mrstoreone+7>: push %esi
0xc02798b4 <i686_mrstoreone+8>: push %ebx
0xc02798b5 <i686_mrstoreone+9>: mov 0x8(%ebp),%eax
0xc02798b8 <i686_mrstoreone+12>: mov %eax,0xfffffffc(%ebp)
0xc02798bb <i686_mrstoreone+15>: mov 0xc(%eax),%edx
0xc02798be <i686_mrstoreone+18>: mov %edx,0xfffffff8(%ebp)
0xc02798c1 <i686_mrstoreone+21>: call 0xc02852fc <rcr4>
0xc02798c6 <i686_mrstoreone+26>: mov %eax,0xffffffec(%ebp)
0xc02798c9 <i686_mrstoreone+29>: cmpb $0x0,0xffffffec(%ebp)
0xc02798cd <i686_mrstoreone+33>: jge 0xc02798da <i686_mrstoreone+46>
0xc02798cf <i686_mrstoreone+35>: and $0x7f,%al
0xc02798d1 <i686_mrstoreone+37>: push %eax
0xc02798d2 <i686_mrstoreone+38>: call 0xc0285300 <load_cr4>
0xc02798d7 <i686_mrstoreone+43>: add $0x4,%esp
0xc02798da <i686_mrstoreone+46>: call 0xc02852ec <rcr0>
0xc02798df <i686_mrstoreone+51>: and $0xdfffffff,%eax
0xc02798e4 <i686_mrstoreone+56>: or $0x40000000,%eax
0xc02798e9 <i686_mrstoreone+61>: push %eax
0xc02798ea <i686_mrstoreone+62>: call 0xc02852e4 <load_cr0>
0xc02798ef <i686_mrstoreone+67>: add $0x4,%esp
0xc02798f2 <i686_mrstoreone+70>: wbinvd
0xc02798f4 <i686_mrstoreone+72>: mov $0x2ff,%ecx
0xc02798f9 <i686_mrstoreone+77>: rdmsr
0xc02798fb <i686_mrstoreone+79>: and $0xf7,%ah
0xc02798fe <i686_mrstoreone+82>: and $0xffffffff,%edx
0xc0279901 <i686_mrstoreone+85>: wrmsr
0xc0279903 <i686_mrstoreone+87>: mov 0xfffffffc(%ebp),%ecx
0xc0279906 <i686_mrstoreone+90>: testb $0x1,0x4(%ecx)
0xc027990a <i686_mrstoreone+94>: je 0xc0279a49 <i686_mrstoreone+413>
0xc0279910 <i686_mrstoreone+100>: movl $0x250,0xfffffff0(%ebp)
0xc0279917 <i686_mrstoreone+107>: movl $0x0,0xfffffff4(%ebp)
0xc027991e <i686_mrstoreone+114>: mov %esi,%esi
0xc0279920 <i686_mrstoreone+116>: mov $0x0,%ebx
0xc0279925 <i686_mrstoreone+121>: mov $0x0,%esi
0xc027992a <i686_mrstoreone+126>: mov $0x7,%edi
0xc027992f <i686_mrstoreone+131>: nop
0xc0279930 <i686_mrstoreone+132>: shld $0x8,%ebx,%esi
0xc0279934 <i686_mrstoreone+136>: shl $0x8,%ebx
0xc0279937 <i686_mrstoreone+139>: lea 0x0(,%edi,8),%eax
0xc027993e <i686_mrstoreone+146>: sub %edi,%eax
0xc0279940 <i686_mrstoreone+148>: mov 0xfffffff8(%ebp),%edx
0xc0279943 <i686_mrstoreone+151>: pushl 0x10(%edx,%eax,4)
0xc0279947 <i686_mrstoreone+155>: call 0xc0279868 <i686_mtrrtype>
0xc027994c <i686_mrstoreone+160>: and $0xff,%eax
0xc0279951 <i686_mrstoreone+165>: cltd
0xc0279952 <i686_mrstoreone+166>: or %eax,%ebx
0xc0279954 <i686_mrstoreone+168>: or %edx,%esi
0xc0279956 <i686_mrstoreone+170>: add $0x4,%esp
0xc0279959 <i686_mrstoreone+173>: dec %edi
0xc027995a <i686_mrstoreone+174>: jns 0xc0279930 <i686_mrstoreone+132>
0xc027995c <i686_mrstoreone+176>: mov %ebx,%eax
0xc027995e <i686_mrstoreone+178>: mov %esi,%edx
0xc0279960 <i686_mrstoreone+180>: mov 0xfffffff0(%ebp),%ecx
0xc0279963 <i686_mrstoreone+183>: wrmsr
0xc0279965 <i686_mrstoreone+185>: addl $0xe0,0xfffffff8(%ebp)
0xc027996c <i686_mrstoreone+192>: incl 0xfffffff4(%ebp)
0xc027996f <i686_mrstoreone+195>: inc %ecx
---Type <return> to continue, or q <return> to quit---q
Quit
(kgdb) list ../../i386/i386/i686_mem.c:290
285 msrv = 0;
286 for (j = 7; j >= 0; j--) {
287 msrv = msrv << 8;
288 msrv |= (i686_mtrrtype((mrd + j)->mr_flags) & 0xff);
289 }
290 wrmsr(msr, msrv);
291 mrd += 8;
292 }
293 msr = MSR_MTRR16kBase;
294 for (i = 0; i < (MTRR_N16K / 8); i++, msr++) {
(kgdb) list ../../i386/i386/i686_mem.c:270
265 {
266 struct mem_range_softc *sc = (struct mem_range_softc *)arg;
267 struct mem_range_desc *mrd;
268 u_int64_t msrv;
269 int i, j, msr;
270 u_int cr4save;
271
272 mrd = sc->mr_desc;
273
274 cr4save = rcr4(); /* save cr4 */
(kgdb)
275 if (cr4save & CR4_PGE)
276 load_cr4(cr4save & ~CR4_PGE);
277 load_cr0((rcr0() & ~CR0_NW) | CR0_CD); /* disable caches (CD = 1, NW = 0) */
278 wbinvd(); /* flush caches, TLBs */
279 wrmsr(MSR_MTRRdefType, rdmsr(MSR_MTRRdefType) & ~0x800); /* disable MTRRs (E = 0) */
280
281 /* Set fixed-range MTRRs */
282 if (sc->mr_cap & MR686_FIXMTRR) {
283 msr = MSR_MTRR64kBase;
284 for (i = 0; i < (MTRR_N64K / 8); i++, msr++) {
(kgdb)
285 msrv = 0;
286 for (j = 7; j >= 0; j--) {
287 msrv = msrv << 8;
288 msrv |= (i686_mtrrtype((mrd + j)->mr_flags) & 0xff);
289 }
290 wrmsr(msr, msrv);
291 mrd += 8;
292 }
293 msr = MSR_MTRR16kBase;
294 for (i = 0; i < (MTRR_N16K / 8); i++, msr++) {
(kgdb) quit
>How-To-Repeat:
Just start X. I also have a A7M266 motherboard and it works fine.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106260359.f5Q3xBw03417>